» 小米miflash+2014.05.09+中文版@25_64623.exe
Overview
Analysis
File Details
Downloads (5)

小米miflash+2014.05.09+中文版@25_64623.exe

downloader of lewell

Hefei Lewei Information Technology Co.,Ltd.

The application 小米miflash+2014.05.09+中文版@25_64623.exe by Hefei Lewei Information Technology Co.,Ltd has been detected as a potentially unwanted program by 20 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from xiazai.zol.com.cn and multiple other hosts.

File name:

Publisher:

Hefei Lewei Information Technology Co.,Ltd. (signed and verified)

Product:

downloader of lewell

Version:

1.0.0.3

MD5:

96dd80012c33291e1621b66f5bd66967

SHA-1:

7abd579fda8e4aeb080ee12a94bc21d53b60b288

SHA-256:

abf21bb789e34677c8140d6b60c8a98b1501f7947f76c2c5991a1f48e0400890

Scanner detections:

20 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

11/5/2024 11:13:42 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Qjwmonkey

7.1.1

AhnLab V3 Security

PUP/Win32.Generic

2015.12.11

Avira AntiVirus

APPL/Qjwmonkey.cfk

8.3.2.4

avast!

Win32:Adware-gen [Adw]

2014.9-151210

AVG

Generic7

2016.0.2899

Baidu Antivirus

Adware.Win32.Qjwmonkey

4.0.3.151210

Clam AntiVirus

Win.Adware.Kazy-921

0.98/21511

Dr.Web

Adware.Qjwmonkey.49

9.0.1.0344

ESET NOD32

Win32/Adware.Qjwmonkey (variant)

9.12702

Fortinet FortiGate

Riskware/Qjwmonkey

12/10/2015

G Data

Win32.Adware.Qjwmonkey

15.12.25

IKARUS anti.virus

PUA.Qjwmonkey

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.212.18071

McAfee

Artemis!96DD80012C33

5600.6555

NANO AntiVirus

Riskware.Win32.Qjwmonkey.dyznft

1.0.10.5081

Panda Antivirus

Trj/Genetic.gen

15.12.10.08

Rising Antivirus

PE:Adware.Qjwmonkey!1.A299 [F]

23.00.65.151208

VIPRE Antivirus

Trojan.Win32.Generic

45742

ViRobot

Adware.Qjwmonkey.746576[h]

2014.3.20.0

Zillya! Antivirus

Adware.OutBrowse.Win32.65860

2.0.0.2557

File size:

729.1 KB (746,576 bytes)

Product version:

1.0.0.3

Original file name:

downloader of lewell

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, China)

Digital Signature

Signed by:

Hefei Lewei Information Technology Co.,Ltd.

Authority:

WoSign CA Limited

Valid from:

10/29/2015 9:17:37 AM

Valid to:

10/29/2016 9:17:37 AM

Subject:

CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

5AB7015B756534ACC678E7DB75D22D97

File PE Metadata

Compilation timestamp:

11/24/2015 8:19:55 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:4JBjtWilh02q4etFLqOb67jBRBq8BZhrnkNUNiyFxdslFW:4J5uJ7bsBRBLtrnkNU/xdsXW

Entry address:

0x1FF0B

Entry point:

E8, A9, A3, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, E5, A4, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74... 
[+]

Entropy:

6.4174

Code size:

219 KB (224,256 bytes)

The file 小米miflash+2014.05.09+中文版@25_64623.exe has been seen being distributed by the following 5 URLs.

http://xiazai.zol.com.cn/down.php?nn=98a21f9277d3a14de&softid=330483&subcateid=130&site=10&server=10&rand=1963878&position=1

http://xiazai.zol.com.cn/down.php?nn=b4558a7cca0e689d1&softid=54423&subcateid=279&site=10b&server=10&rand=982414

http://driver.zol.com.cn/down.php?softid=447623&subcatid=90&site=9b

http://xiazai.zol.com.cn/down.php?nn=e8cb4c697f67a460b&softid=313019&subcateid=50&site=10&server=10&rand=3056113

http://xiazai.zol.com.cn/down.php?nn=23001e1729afe594e&softid=406930&subcateid=1444&site=10&server=10&rand=6539150&position=1

Remove 小米miflash+2014.05.09+中文版@25_64623.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.